KBZ Internet banking

For legal entities

Internet banking is the simplest way to manage your business and corporate finances.
You can easily access all your accounts, view statements, execute transactions and domestic and foreign currency payment operations and much more, without visiting a Bank or FINA branch. Our internet banking service KBZ Net Banking allows you
to save time and money, by managing your finances whenever and wherever you
like with considerably lower fees. All you need is a computer with internet access.

Just fill in this application form and hand it in at your nearest
branch. Upon approval, we will provide you with a username and password,
and send you the smart card and card reader by mail.

Services

KBZ Net Banking gives you the full advantage of the most competitive fees for:

overview of the current balance on your accounts

overview of statements for all your accounts

overview of all Internet account transactions

execute domestic and foreign currency payments

download statements

download payment operation files [in the standard FINA format]

summary statements

Safety

Internet banking brings many advantages allowing you to quickly and easily access
your accounts and financial resources. Along with all the benefits that come with
KBZ Net Banking, the service also needs to be secure and reliable due to the open
nature of the Internet. Therefore, we have integrated security as a core component
of the whole system. We deploy a public key infrastructure (PKI), the latest technology that
sets the standards in security and reliability in doing business online.

The security of the KBZ Net Banking service consists of the following components:

electronic signature

authenticity of Kreditna Banka Zagreb on the Internet

data protection using secure Internet communication channels

information system protection of Kreditna banka Zagreb

Electronic signature

The electronic signature is the most comprehensive and most important segment of
the service safety. The electronic signature is used to identify the user and to
electronically sign the documents exchanged between the client and Kreditna banka
Zagreb. According to the Electronic Signatures Act, an electronic signature is a
"collection of data in electronic format accompanied by or logically interconnected
with other data in electronic format, used to identify the party that signed the
document and the authenticity of the signed electronic document". The KBZ Net
Banking service uses PKI (Public Key Infrastructure) technology for electronic signing.

PKI technology is based on smart cards with certificates provided to the users during
the certification process. The smart card cannot be used without a PIN (Personal
Identification Number) that is known only to the user i.e. holder of the smart card.
It is the responsibility of the service user to keep the smart card and PIN
secure and secret.

The certification process itself requires personal identification of the user before
the smart card and certificate are issued. Using the smart card and the installed
smart card reader, the user logs into the KBZ Net Banking application and signs each
document (financial or non-financial) that is exchanged with the bank. The application
login process prompts the user to sign a random data sequence generated by the bank's
server. The application checks the electronic signature of the randomly generated
sequence, and determines the actual user that is attempting to log into the application.
That way, the following security checks take place:

does the user possess a valid smart card

does the user possess the PIN for the smart card

the requirement to sign the randomly generated sequence does not allow a previously
used signature to be used for logging into the application
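The login exchange described above, as an added example that is not KBZ code: a bank-side verifier issues a single-use random challenge and a software stand-in for the smart card signs it only when the correct PIN is entered. The names makeCard, makeServer and demo, the user name, the PIN and the choice of SHA-256 with a 2048-bit RSA key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Software stand-in for the smart card (assumption: a real card keeps the
// private key in hardware and enforces the PIN itself).
function makeCard(pin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    publicKey, // in practice taken from the user's certificate
    sign(challenge, enteredPin) {
      if (enteredPin !== pin) throw new Error('wrong PIN');
      return crypto.sign('sha256', challenge, privateKey);
    },
  };
}

// Bank side: issues random challenges and verifies the signature over them.
function makeServer() {
  const users = new Map();   // username -> enrolled public key
  const pending = new Map(); // username -> outstanding challenge
  return {
    enroll(user, publicKey) { users.set(user, publicKey); },
    newChallenge(user) {
      const challenge = crypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    login(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // a challenge is consumed whether or not login succeeds
      const key = users.get(user);
      if (!challenge || !key) return false;
      return crypto.verify('sha256', challenge, key, signature);
    },
  };
}

// Constructed scenario: one valid login, one replayed signature, one wrong PIN.
function demo() {
  const card = makeCard('4821');
  const server = makeServer();
  server.enroll('alice', card.publicKey);
  const sig = card.sign(server.newChallenge('alice'), '4821');
  const first = server.login('alice', sig);
  server.newChallenge('alice');              // fresh challenge for the next attempt
  const replay = server.login('alice', sig); // old signature does not match it
  let wrongPin = false;
  try { card.sign(server.newChallenge('alice'), '0000'); } catch { wrongPin = true; }
  return { first, replay, wrongPin };
}
```

The replayed signature fails because it was computed over the earlier challenge, which is the third check in the list above.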

Each created slip needs to be electronically signed by one or more users before
it can be processed. This ensures non-repudiation i.e. inability to deny the fact
that the slip was created and sent.

Technology behind electronic signatures

Electronic signatures are based on Public Key Cryptography. Each user owns a unique
pair of keys. One of the keys is secret or private and is used only by the keyholder.
The other key is public and available to everyone. The keys of the pair are connected
using a complex mathematical algorithm (RSA algorithm) which ensures that:

it is computationally infeasible to derive the private key from the public key

everything that is encrypted using the private key can only be decrypted using the
public key, and vice versa

In other words, everything that a user encrypts using his/her private key can be
decrypted by others using the encryptor's public key, thereby being reassured that
it is that specific user who encrypted the documents (nobody else possesses the
user's private key).

Electronic signatures are based on the two above-mentioned principles: firstly,
to prove the identity of the user and to ensure non-deniability of the fact that
the user signed something electronically, and secondly, to ensure the protection
of the electronically signed information. Nevertheless, one problem remains to be
dealt with. How to prove that the public key is authentic i.e. really belongs to
the user and not an intruder who is impersonating the user. The approach to this
problem is to use certificates. According to the Electronic Signatures Act, a certificate
is defined as "an electronic document which binds the information used for
verifying an electronic signature with the identity of an individual and confirms
the identity of that individual". Simply put, a certificate binds a user with
his/her public key. Each certificate is electronically signed by the certificate
issuer, an entity that verifies the information stored on the certificate i.e. guarantees
that the person or entity identified is also the holder of the public key. The certificates
used for electronic signatures are issued and electronically signed by Kreditna
Banka Zagreb. The bank also issues key pairs to their users, and guarantees that
the private key is stored on the smart card and handed over to the person whose
data is stored on the certificate along with the public key of the same key pair.

Authenticity of Kreditna Banka Zagreb on the Internet

When logging into the KBZ Net Banking application, users must be certain that they
are indeed communicating with Kreditna banka Zagreb i.e. our Internet server. Therefore,
the KBZ server also possesses a certificate issued by Kreditna banka Zagreb, the
same issuer of the user certificates on the smart cards. Kreditna banka Zagreb guarantees
that the certificate is indeed issued to the Internet server whose name is stored
on the certificate. Knowing this, users can check the identity of the server they
are connecting to when accessing the KBZ Net Banking application by clicking on
the lock icon in the lower-right side of their web browser. On the certificate that
appears, the user has to check whether the name of the server [Issued To:] corresponds
to the name entered in the address bar of the web browser after the "http://"
or "https://" part. On the certificate, the user also has to check the
validity of the certificate [Valid from: - Valid to:], as well as the correctness
[Certificate Path - Certificate Status].

Data protection

The electronic signature technology prevents the modification of data that KBZ Net
Banking users exchange over the Internet. The SSL protocol is implemented in order
to additionally protect the exchanged data from being read by an unauthorized party.
All data exchanged between the user and the KBZ server are encrypted using the protocol
at all times. The data encryption is done using a secret key randomly generated
by the user's browser, every time it connects to the server. The secret key is delivered
to the server protected using the public and private key encryption method. To successfully
establish an SSL connection and check the authenticity of the KBZ server, the user
must use newer web browser versions. Users can click on an image on the main web
page of the application in order to check whether their browser satisfies the browser
requirements. A locked icon in the bottom part of the web browser is displayed as
an indicator of a successfully established SSL connection.